MINOR: auth: silence null dereference warning in check_user()

In GH issue #1940 cppcheck warns about a possible null-dereference in
check_user() when DEBUG_AUTH is enabled. Indeed, <ep> may potentially
be NULL because upon error crypt_r() and crypt() may return a null
pointer. However it's not directly derefenced, it is only passed to
printf() with '%s' fmt. While it is in practice fine with the printf
implementations we care about (that check strings against null before
printing them), it is undefined behavior according to the spec, hence
the warning.

Let's check <ep> before passing it to printf. This should partly
solve GH #1940.

diff --git a/src/auth.c b/src/auth.c
index 8c263744da6beaaf32d2b71ba9b992851f4067d1..0031300bc58dd42c6b01246a72855e8b3e3111da 100644 (file)
--- a/src/auth.c
+++ b/src/auth.c
@@ -270,7 +270,7 @@ check_user(struct userlist *ul, const char *user, const char *pass)
                ep = pass;
 
 #ifdef DEBUG_AUTH
-       fprintf(stderr, ", crypt=%s\n", ep);
+       fprintf(stderr, ", crypt=%s\n", ((ep) ? ep : ""));
 #endif
 
        if (ep && strcmp(ep, u->pass) == 0)